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Claims: 

1. A computer system comprising: 
a processor; 
a memory storage unit; 
5 an operating system comprising a kernel, said kernel comprising a 

plurality of kernel modules, said kernel modules comprising signature 
information; and 

a kernel module signature verification system for verifying said kernel 
module signature information of each of said plurality of kernel modules as said 
10 plurality of kernel modules are loaded into said kernel. 



2. The computer system of Claim 1, wherein said kernel module signature 
information is generated via a public key and a private key compilation in said 
kernel module. 

15 

3. The computer system of Claim 2, wherein said kernel module signature 
information comprises signature length data xmique to each of said plurality of 
kernel modules, said signature length data used by said kernel module signature 
verification system in uniquely identifying each of said plurality of kernel 

20 modules. 



4. The computer system of Claim 3, wherein said kernel module signature 
information further comprises signature size data for further uniquely 
identifying each of said kernel module. 
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5. The computer system of Claim A, wherein said kerr\el module signature 
verification system comprises a kernel cryptographic framework for verifying 
said kernel module signature information. 

5 6. The computer system of Claim 5, wherein said kernel module signature 

verification system further comprises a kernel cryptographic framework daemon 
for performing verification lookup operations of signature information provided 
to said kernel cryptographic framework in said kernel. 

10 7. The computer system of Claim 6, wherein said kernel cryptographic 

framework daemon further performs module verification of said plurality of 
kernel modules. 

8. The computer system of Claim 7, wherein said kernel cryptographic 

15 framework retrieves pathname information of said signature information for 
each of said plurality of kernel modules when said plurality of kernel modules 
attempt to load up to said kernel to perform cryptographic operations. 

9. The computer system of Claim 8, wherein said kernel cryptographic 

20 framework comprises a cryptographic service provider registration unit for 
registering each of said plurality of kernel modules wishing to provide 
cryptographic services in said kernel. 

10. The computer system of Claim 9, wherein said kernel cryptographic 

25 framework further comprises a intra-kernel communication unit for enabling 
communications between said kernel cryptographic framework and said kernel 
cryptographic framework daemon. 
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11. The computer system of Claim 10, wherein said kernel cryptographic 
framework further comprises a data structure unit for storing said kernel module 
signature information. 

5 

12. A computer operating system comprising: 

a memory storage unit; 

a kernel, said kernel comprising a plurality of kernel modules; and 
a kernel module signature verification system for verifying signature 
10 information of said plurality of kernel modules. 

13. The computer operating system of Claim 12, wherein said kernel signature 
information comprises kernel signature data for uniquely identifying each one of 
said plurality of kernel modules. 

15 

14. The computer operating system of Claim 13, wherein said kernel signature 
information further comprises signature length data for further uniquely 
identifying each one of said plurality of kernel modules. 

20 15. The computer operating system of Claim 14, wherein said kernel signature 
information further comprises signature size data for each of said plurality of 
kernel modules. 

16. The computer operating system of Claim 15, wherein said kernel module 
25 signature verification system comprises a kernel cryptographic framework for 
authorizing and verifying signature information of kernel cryptographic 
modules loading into said kernel to provide kernel cryptographic services. 
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17. The computer operating system of Claim 16, wherein said kernel module 
signature verification system further comprises a kernel cryptographic 
framework daemon. 

5 

18. The computer operating system of Claim 17, wherein said kernel 
cryptographic framework daemon performs module verification of said plurality 
of kernel modules. 

10 19. The computer operating system of Claim 18, wherein said kernel 

cryptographic framework retrieves pathname information of said signature 
information for each of said plurality of kernel modules when said plurality of 
kernel modules attempt to load up to said kernel to perform cryptographic 
operations. 

15 

20. The computer operating system of Claim 19, wherein said kernel 
cryptographic framework comprises a cr3^tographic service provider 
registration unit for registering each of said plurality of kernel modules wishing 
to provide cryptographic services in said kernel. 

20 

21 . The computer operating system of Claim 20, wherein said kernel 
cryptographic framework further comprises an intra-kernel communication unit 
for enabling commimications between said kernel cryptographic framework and 
said kernel cryptographic framework daemon. 

25 



SUN-P8781/PIP/011 



June 13, 2003 



SUN CONFIDENTIAL 

22. The computer operating system of Claim 21, wherein said kernel 
cryptographic framework further comprises a data structure unit for storing said 
kernel module signature information. 

5 23. The computer operating system of Claim 22, wherein said kernel 

cryptographic framework and said kernel cryptographic framework daemon 
communicate via a plurality of input/ output control commands. 

24. The computer operating system of Claim 23, wherein said input/output 
10 control commands comprise a door create command for creating a plurality of 

cryptographic doors for enabling communication between said kernel 
cryptographic framework and said kernel cryptographic framework daemon. 

25. In a computer system, a computer software implemented kernel module 
15 signature verification system, comprising: 

kernel cryptographic framework for verifying signatures uniquely defining 
each of a plurality of kernel cryptographic modules; and 

kernel cryptographic framework daemon for performing module 
verification for each of said plurality of kernel cryptographic modules. 

20 

26. The kernel module signature verification system of Claim 25, wherein said 
kernel cryptographic framework daemon retrieves pathname information of said 
signature information for each of said plurality of kernel modules when said 
plurality of kernel modules attempt to load up to said kernel to perform 

25 crj^tographic operations. 
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27. The kernel module signature verification system of Claim 26, wherein said 
kernel cryptographic framework comprises a cryptographic service provider 
registration unit for registering each of said plurality of kernel modules wishing 
to provide cryptographic services in said kernel. 

5 

28. The kernel module signature verification system of Claim 27, wherein said 
kernel cryptographic framework further comprises an intra-kernel 
communication unit for enabling communications between said kernel 
cryptographic framework and said kernel cryptographic framework daemon. 

10 

29. The kernel module signature verification system of Claim 28, wherein said 
kernel cryptographic framework further comprises a data structure imit for 
storing said kernel module signature information. 

15 30. The kernel module signature verification system of Claim 29, wherein said 
kernel cryptographic framework and said kernel cryptographic framework 
daemon commimicate via a plurality of input/output control commands. 

31. A method of verifying and authenticating kernel cryptographic modules, 
20 said method comprising: 

providing a kernel cryptographic framework for verifying signature data 
in each of a plurality of kernel cryptographic modules; and 

providing a kernel cryptographic framework for communicating with said 
kernel cryptographic framework for performing module verification of said 
25 plurality of kernel cryptographic modules. 
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32. The method of Claim 31, wherein said kernel cryptographic framework 
daemon creates an unnamed door that is passed to establish conununication 
between said kernel cryptographic framework and said kernel cryptographic 
framework daemon. 

5 

33. The method of Claim 32, wherein said kernel cryptographic framework 
accepts registration requests from a requesting kernel module of said plurality of 
kernel cryptographic modules to register as cryptographic service providers. 

10 34. The method of Claim 33, wherein said kernel cryptographic framework 
daemon verifies signature data contained in each of said plurality of kernel 
cryptographic modules after said requesting kernel module has registered with 
said kernel cryptographic framework. 

15 35. The method of Claim 34, wherein said kernel cryptographic framework 
daemon passes results from verifying said signature data of said requesting 
kernel module to said kernel cryptographic framework. 

36. The method of Claim 35, wherein said kernel cryptographic framework 
20 verifies whether said results from verifying said signature data of said requesting 
kernel module compares with signature information stored in said kernel 
cryptographic framework to authenticate said requesting kernel module. 
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